Anthropic mentioned it created Undertaking Glasswing when capabilities in its new frontier mannequin “revealed a stark truth: AI fashions have reached a stage of coding functionality the place they will surpass all however probably the most expert people at discovering and exploiting software program vulnerabilities.” On the time, it additionally indicated that it was committing upwards of $100 million in utilization credit, in addition to an extra $4 million in donations to open supply security organizations.
In an replace printed late final week, Anthropic acknowledged, “for the previous few months we now have used Mythos Preview to scan greater than 1,000 open-source tasks, which collectively underpin a lot of the web — and far of our personal infrastructure.”
Throughout that course of, Mythos Preview discovered 6,202 excessive or important severity vulnerabilities in these tasks, 1,752 of which have since been assessed by six impartial security analysis corporations.
Maintainers going through bug report deluge
Of those, Anthropic acknowledged, 90.6% (1,587) “have proved to be legitimate true positives, and 62.4% (1,094) had been confirmed as both excessive or important severity. That implies that even when Mythos Preview finds no additional vulnerabilities, at our present post-triage true-positive charges, it’s on observe to have surfaced almost 3,900 excessive or important severity vulnerabilities in open supply code — along with these it has discovered for Undertaking Glasswing’s companions.”
